摘要
针对传统的分布式高速网络多层防御方法存在计算速度慢、防御性能不佳等问题,设计并提出基于攻击图的分布式高速网络多层防御方法。首先将攻击图和通用安全脆弱点评估系统相结合,删除攻击图中的不可达路径,简化攻击图,同时组建分布式高速网络多层防御模型。然后分析攻击图中的各个入侵动作,组建带权防御策略集,通过最小代价阻止网络恶意入侵。在此基础上,引入二进制粒子群算法,获取攻击图的最小关键策略集,完成了基于攻击图的分布式高速网络多层防御。仿真结果表明,所提方法进行分布式高速网络多层防御所需时间短,防御性能较好,能够快速准确实现分布式高速网络多层防御。
Due to low computing rate and poor defense performance in the traditional multi-layer defense method of distributed high-speed network,a multi-layer defense method based on attack graph was designed and proposed.Firstly,the attack graph was combined with the general security assessment system for vulnerability to delete the unreachable path in attack graph,so as to simplify the attack graph.Meanwhile,a model of multi-layer defense of distributed high-speed network was built.Then,each intrusion in attack graph was analyzed and the defense strategy set with weight was constructed.Moreover,malicious network intrusion was prevented by minimum cost.On this basis,the binary particle swarm optimization algorithm was introduced to obtain the minimum key strategy set of attack graph.Thus,the multi-layer defense of distributed high-speed network based on the attack graph was completed.Simulation results show that the proposed method takes a short time for multi-layer defense of distributed high-speed network.In addition,this method has good defense performance,which can achieve multi-layer defense of distributed high-speed network quickly and accurately.
作者
吴伟敏
张丽
WU Wei-min;ZHANG Li(College of Educational Science and Technology,Nanjing University of Post and Telecommunications,Nanjing Jiangsu 210023,China)
出处
《计算机仿真》
北大核心
2020年第7期354-357,367,共5页
Computer Simulation
基金
国家重点研发计划(2017YFD0600801)。
关键词
攻击图
分布式
高速网络
多层防御
Attack graph
Distributed
High-speed network
Multilayer defense
